package com.hxy.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;

@RestController
@RequestMapping("jsr")
public class Jsr250Controller {

    @RequestMapping("m1")
    public String m1(){
        return "m1";
    }

    // 全部允许访问
    @PermitAll
    @RequestMapping("m2")
    public String m2(){
        return "m2";
    }

    // 全部拒绝访问
    @DenyAll
    @RequestMapping("m3")
    public String m3(){
        return "m3";
    }

    // 允许哪些角色访问
    @RolesAllowed("ROLE_ADMIN")
    @RequestMapping("m4")
    public String m4(){
        return "m4";
    }

    @RolesAllowed({"ROLE_ADMIN","ROLE_TEST"})
    @RequestMapping("m5")
    public String m5(){
        return "m5";
    }

    // 自动拼接ROLE_
    @RolesAllowed("TEST")
    @RequestMapping("m6")
    public String m6(){
        return "m6";
    }

}
